Method and system for authenticating entity based on symmetric encryption algorithm

摘要

A method and a system for authenticating an entity based on a symmetric encryption algorithm are provided. The method includes the following steps: 1) an entity A sends an authentication request message to an entity B; 2) after receiving the authentication request message, the entity B sends an authentication response message to the entity A; 3) the entity A determines the validity of the entity B according to the received authentication response message. The implementation cost of the system can be reduced by using the authentication according to the invention.

主权项

1. A method for authenticating an entity based on a symmetric encryption algorithm, wherein a Pre-Shared Key (PSK) has been shared between an entity A and an entity B, the method comprising:
sending, by the entity A, an authentication request message to the entity B, wherein the authentication request message comprises N1, which is a random number generated by the entity A; after receiving the authentication request message sent by the entity A, generating, by the entity B, one or two random numbers, and then generating an authentication response message in such a manner that the entity B generates a message authentication code by using N1, the PSK and the one or two random numbers generated by the entity B, wherein the authentication response message includes N1 and the message authentication code, sending, by the entity B, the authentication response message to the entity A and taking the one random number or one of the one or two random numbers as a session key with the entity A; and determining, by the entity A, the validity of the entity B according to the received authentication response message, wherein the entity A firstly determines whether N1 carried in the authentication response message is equal to N1 generated by the entity A, wherein the entity A includes a first transmitter and a first receiver, and the entity B includes a second transmitter and a second receiver, wherein the PSK remains unchanged during the process of the authentication between the entity A and the entity B, wherein sending, by the entity B, the authentication response message to the entity A after receiving the authentication request message sent by the entity A comprises: after receiving the authentication request message sent by the entity A, generating, by the entity B, a random number N3 and calculating a message authentication code MAC1=E(N1//N3,PSK), wherein “//” represents series connection of messages, E is a symmetric encryption algorithm, and MAC1 contains an integrity check code ACC1 calculated on N1//N3 with the PSK and a ciphertext formed after an encryption; or after receiving the authentication request message sent by the entity A, generating, by the entity B, a random number N3 and deriving, by the entity B, an integrity check key PSK1 and an encryption key PSK2 according to the PSK, calculating the integrity check code ACC1 using PSK1, and performing encryption using PSK2 to form a ciphertext, then MAC1=E(N1//N3,PSK1//PSK2); constructing, by the entity B, the authentication response message which comprises N1 and MAC1, sending the authentication response message to the entity A, and taking N3 as a session key with the entity A.